1. Field of the Invention
The present invention relates generally to network security, and more particularly to using feedback and control to enhance network security.
2. Description of Related Art
Network security is typically provided by multi-vendor security services and products. Each security service and product typically generates a security event in response to one or more specified detected actions and generates a log of the security events. Typically, each vendor for a security service and product utilizes a format for the security event that is unique to that vendor.
System administrators monitor the security events and/or logs to determine whether any modifications to the security services and/or products are required to maintain network security. Unfortunately, in an enterprise network, the volume of security events makes it difficult to monitor the network security in real time. Thus, while there may be a well-defined security policy, assuring the policy is properly implemented at all times on the network is difficult, if not impossible.
This problem is exacerbated because there is not a common technique or structure for security events. Consequently, a system that attempts to monitor security events from multi-vendor security services and products is required to deal with the various formats, protocols, structures, etc., associated with each security product and/or service on the network. For this reason, an integrated approach to network security management is very complex and difficult to implement. Moreover, an approach developed for one enterprise network may not be applicable to another enterprise network due to the differences in the network structure, the security products and services, and the use of the network.